This looks to me like a rootkit that a friend got hit by recently. He had
exactly the same problem with ssh and ftp. Are you using wu.ftpd? I suggest you
find clean copies of ls, ps, netstat, etc., boot into single user mode and
look around to see how the exploit happened. I hope I'm wrong, but probably not ;/
On
Yes, I use wu.ftpd, but it is patched.
I don't know whether you noticed, but the Slackware distribution has a fix for wu.ftpd.
BUT as soon as I try to connect, /var/log/messages gives me this:
Apr 26 10:35:50 gateway inetd[3767]: getpwnam: root: No such user
Apr 26 10:35:50 gateway inetd[75]: pid 3767:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
well, did you check that you haven't deleted the user root?
(stupid question)...
and did you check whether you've been trojaned?
because it's normal to run into anomalies like this if you've been trojaned...
also, are you sure that on the remote machine
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I think so too ...
it looks exactly like a trojan, I think...
On Thursday 26 April 2001 09:59, you wrote:
This looks to me like a rootkit that a friend got hit by recently. He had
exactly the same problem with ssh and ftp. Are you using wu.ftpd? I suggest you
http://www.chkrootkit.org/
locally checks for signs of a rootkit
Petko
Date: Thu, 26 Apr 2001 11:53:20 +0300 (EEST)
From: Marian Popov [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: lug-bg: remote connect (fwd)
Reply-To: [EMAIL PROTECTED]
That machine is my own and I am the one who is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
try the following: most trojans replace /bin/ls
in order to hide files...
you can do the following
cp /home/ftp/bin/ls /bin/
that one is usually not the trojaned one
after that check in /usr/bin, /usr/lib
etc. whether there is some dir of the sort .(space)
-- Forwarded message --
Date: Wed, 25 Apr 2001 20:06:15 +0300 (EEST)
From: Marian Popov [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: lug-bg: remote connect
Hello.
Suddenly something happened to my telnet and ssh.
Now I can't connect from anywhere in any way.
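
The check suggested earlier in the thread (look under /usr/bin and /usr/lib for a directory named like ". ") can be written as a shell function. This is an added example, not code from any of the posters: the function names and the sample tree are constructed, and the pattern is generalized to names made only of dots and spaces or ending in a space.

```shell
#!/bin/sh
# Added example: list entries whose names are built to be overlooked in a
# directory listing, such as ". " (a dot followed by a space).

# suspicious_names DIR...
# Prints one path per line for every entry under the given directories whose
# name starts with ". " or ".. ", is exactly "...", or ends in a space.
suspicious_names() {
    find "$@" -xdev \( \
            -name '. *' -o -name '.. *' -o -name '...' -o -name '* ' \
        \) -print | sort
}

# make_demo_tree
# Builds a small constructed sample tree (not real findings) and prints its path.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/usr/bin/. " "$d/usr/lib/.. " "$d/usr/lib/..." \
             "$d/usr/lib/normal" "$d/usr/bin/.config"
    : > "$d/usr/bin/ls"            # ordinary file, must not be reported
    : > "$d/usr/lib/libfoo.so "    # trailing space, must be reported
    printf '%s\n' "$d"
}

# With arguments: scan those directories. Without: scan the constructed tree.
if [ "$#" -gt 0 ]; then
    suspicious_names "$@"
else
    t=$(make_demo_tree) && suspicious_names "$t" && rm -rf "$t"
fi
```

On a host suspected of compromise the result is only as trustworthy as the `find` binary itself, so run it with known-clean tools (for example from rescue media), in line with the advice above about clean ls, ps and netstat.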